The present invention generally relates to a system and method for providing secure authentication of a device, and more particularly, but not exclusively, to providing an authentication system utilizing internal keying of devices, such that private keys are only stored internal to each device.
Small, low-power, wireless devices are used in many industrial and civilian application areas, including industrial process monitoring and control, machine health monitoring, environment and habitat monitoring, healthcare applications, building automation, utility monitoring and control, and traffic control. The wireless devices may communicate with one another and/or with a central server. Since the wireless devices may have the ability to perform critical functions, such as controlling traffic signals, controlling electricity and gas usage or controlling entry into a building, it is important that the security of the wireless devices not be compromised. Often wireless devices use cryptographic keys for data encryption and/or authentication. For example, wireless devices may use a symmetric key 128-bit advanced encryption standard for data encryption and/or frame integrity to protect data from being modified by parties without cryptographic keys. At the time of manufacture, producers may use public-key cryptography to embed, or inject, a private key that uniquely identifies a device. The private key may be used for authentication of the device. However, when producers use third-party manufacturers there could be a threat of key leakage, where not all of the keying material is used to manufacture legitimate devices. In this instance an illegitimate device may be embedded with a private key which may allow the illegitimate device unauthorized access to the wireless devices.
Furthermore, the private keys embedded into the devices are generated and stored external to the devices, such as in a database or a removable medium. If a third party were to obtain access to the database storing the embedded keys, the third party may be able to gain unauthorized access to one or more of the wireless devices. Instead of having to search through all possible 128-bit keys to obtain access to the devices, the search space of possible keys would be narrowed to the keys stored on the data store. Thus, the security of the wireless devices may rely on the security of the external data store where the set of keys are stored. Compromising the security of the data store may result in compromising the security of the wireless devices having keys stored therein.